Home Certification Schemes ISO 28000
Security & Resilience ISO 28000 2022

Security Management Systems

Requirements for security and resilience management systems providing a framework to establish, implement, maintain, and improve security management across supply chain and operational contexts.

logistics supply chain ports transportation
About This Standard

ISO 28000 specifies requirements for security and resilience management systems applicable to any organisation in its supply chain. The 2022 revision aligns the standard with Annex SL, significantly expanding its scope from supply chain security to broader organisational security management.

The standard addresses threats ranging from terrorism and piracy to fraud, theft, and environmental incidents. It applies to logistics companies, port operators, shipping lines, freight forwarders, and any organisation with security-sensitive supply chain activities.

ACI-certified auditors assess security management system design and the effectiveness of security risk treatments, evaluating both physical and operational security controls.

Examination Topic Areas
Security threat assessment and risk identification
Security policy, objectives, and management accountability
Operational security controls and security procedures
Physical security measures and access control management
Supply chain security requirements and partner assessment
Incident response and recovery for security events
Security performance monitoring and measurement
Security management system review and continual improvement
Examination & Certification Process
01
Attend Training

Attend an ACI-Approved Training Provider (ATP) course for your chosen grade level. ACI-approved courses are aligned to the examination syllabus for ISO 28000.

02
Sit the Examination

Examinations are administered exclusively through ACI Approved Training Providers. Foundation and Internal Auditor examinations require 70% to pass; Lead Auditor requires 65%.

03
Apply for Certification

Submit your application through the ACI portal with your examination result, training certificate, and relevant audit experience log. Upon approval you receive your ACI Card ID and digital certificate.

Scheme Details
Standard ISO 28000
Edition 2022
Category Security & Resilience
Cert. Period 3 years
Framework ISO/IEC 17024 Aligned
Available Grades PA · AA · AU · LA · PR · FACI
Get Certified
Apply for Certification → Find an ATP Entry Requirements
All Certification Schemes
Auditor Grades

Available Grades for ISO 28000

All six ACI auditor grades are available for this scheme. Each grade has defined competence, experience, and examination requirements.

PA
Provisional Auditor

Entry-level certification for those beginning their auditing career. Suitable for individuals who have completed foundation training but have limited audit experience.

Foundation examination pass (70%)
No prior audit experience required
Annual CPD requirement applies
AA
Associate Auditor

For auditors who have completed Internal Auditor training and have begun accumulating audit experience under supervision or in an internal audit role.

Internal Auditor examination pass
Minimum 2 internal audits conducted
Annual CPD requirement applies
AU
Auditor

Full auditor grade for practitioners with demonstrated audit experience. Recognised as a competent independent auditor of management systems.

Internal Auditor examination pass
Minimum 5 complete audits
Annual CPD requirement applies
LA
Lead Auditor

Senior grade for experienced auditors capable of leading audit teams and managing full audit programmes. The most widely recognised auditor grade internationally.

Lead Auditor examination pass (65%)
Lead Auditor training course
Minimum 10 complete audits as team lead
PR
Principal Auditor

Advanced grade for highly experienced auditors demonstrating sustained performance in complex audit environments and contributions to the auditing profession.

Lead Auditor grade prerequisite
Minimum 5 years audit experience
Professional development portfolio
FACI
Fellow of ACI

The highest ACI designation, awarded to individuals who have made an exceptional contribution to the management system auditing profession and to the ACI community.

By nomination and committee review
Exceptional professional contribution
Sustained ACI membership
Ready to certify in ISO 28000?

Find an Approved Training Provider, sit the examination, and submit your application to ACI.

How to Apply → Find an ATP